Netgear Cg30002 Status Manual

							Advanced Settings31
 NETGEAR Wireless Cable Gateway CG3000
Access Control by MAC Address
You can use access control to specify which wireless computers or device\
s can connect to 
the gateway based on their MAC addresses. If you do not set up access co\
ntrol, any wireless 
computer or device that is configured with the correct SSID and wireless\
 security settings will 
be allowed to access to your wireless network.
1. 
Log in to the gateway as described in  Log In to Your Gateway on page 9.
2.  In the main menu, under Advanced, select Wireless Settings. 
3.  Click the  Setup Access List  button to display the Wireless Card Access List screen.
Note:  If you are configuring the gateway from a wireless computer, make sure 
to add your computer’s MAC address to the Access List. Otherwise you \
will 
lose your wireless connection when you click Apply. You must then access\
 the 
gateway from a wired computer, or from a wireless computer that is on th\
e 
access control list, to make any further changes.
4.  By default the Allow Any radio button is selected. You can either allow \
computers to connect 
to the network based on their MAC addresses, or deny connections based o\
n MAC address. 
Select either the Allow List  or Deny List radio button. 
5.  Add devices to the Access List using either of these methods:
•     If the computer is in the Connected Wireless Devices table, click its ra\
dio button to  capture its MAC address. Then click Add.
•     Enter the MAC address of the device in the Add Access Filter fields. The\
 MAC  address can usually be found on the bottom of the wireless device. Then \
click  Add.
6.  Click  Apply  to save these settings.  
						

							Advanced Settings32
NETGEAR Wireless Cable Gateway CG3000 
Firewall Rules: Port Blocking
You can use port blocking to block outbound traffic on specific ports. O\
utbound traffic rules 
control access to outside resources from local users.The default rule is\
 to allow all access 
from the LAN side to the outside. You can use port blocking to add prede\
fined or custom rules 
to specify exceptions to the default rule.
Note:  
Any outbound traffic that is not blocked by rules that you have 
created is allowed by the default rule.
1.  Select  Advanced > Firewall Rules.  The Port Blocking section is near the bottom of the 
screen
.
2.  In the Services field, select a service from the drop-down list. (For example, FTP, wh\
ich 
uses TCP ports 20 and 21.)
3.  To add a custom rule that is not in the list of services, specify these \
settings in the Add 
Custom Rules table:
•     Name . Enter a name for the service.
•     Start Port. Enter the start port for the service.
•     End Port.Enter the end port for the service.
•     Protocol. Select the protocol for the ports: -     TCP . Select TCP only.
-     UDP . Select UDP only.
-     Both. Select both TCP and UDP.
•     Local IP Address . Complete the local IP address for the computer that is using the 
service. 
						

							Advanced Settings33
 NETGEAR Wireless Cable Gateway CG3000
4. 
Perform one of the following actions:
•      Click  Add to save your settings. The Active Filters table now displays the list o\
f ports 
that are currently forwarded.
•     To delete a service, select the radio button in the Active Filters table\
 for the service  that you want to delete, and then click Delete .
•     To reset the selection in the Services drop-down list and to clear all t\
he fields in the  Add Custom Rules table, click  Reset.
Firewall Rules: Port Forwarding
A firewall has default rules for inbound traffic (WAN to LAN) and for \
outbound traffic. Port 
forwarding affects the inbound rules. These rules restrict access from o\
utsiders. By default, 
the gateway blocks access from outside except responses to requests from\
 the LAN side. 
You can use port forwarding to add rules to specify exceptions to the de\
fault rule.
Because the gateway uses Network Address Translation (NAT), your netwo\
rk presents only 
one IP address to the Internet, and outside users cannot directly addres\
s any of your local 
computers. However, by defining an inbound rule you can make a local ser\
ver (for example, 
a web server or game server) or computer visible and available to the I\
nternet. The rule tells 
the Gateway to direct inbound traffic for a particular service to one lo\
cal server or computer 
based on the destination port number. This is also known as port forward\
ing.
Some residential broadband ISPs do not allow you to run server processes\
 (such as a Web 
or FTP server) from your location. Your ISP might check for servers and\
 suspend your 
account if it finds active services at your location. See the Acceptable\
 Use policy of your ISP.
To configure port forwarding and services for specific inbound traffic:
1. Select  Advanced > Firewall Rules.  The Port Forwarding section is on the top.
2.  In the  Service field, select a service from the 
drop-down list. (For example, FTP, which 
uses TCP ports 20 and 21.)
3.  To add a custom rule that is not in the list of 
services, specify these settings in the Add 
Custom Rules table:
•     Name . Enter a name for the service.
•     Start Port. Enter the start port for the  service.
•     End Port.Enter the end port for the  service.
•     Protocol. Select the port protocol: -     TCP . Select TCP only.
-     UDP . Select UDP only.
-     Both . Select both TCP and UDP. 
						

							Advanced Settings
34 NETGEAR Wireless Cable Gateway CG3000 
•     Local IP Address. Enter the local IP address for the computer that uses the service.
4. Perform one of these actions:
•     Click Add. The Active Forwarding Rules table displays the list of forwarded ports.
•     To delete a service, select the radio button in the Active Forwarding Rules table for the 
service that you want to delete, and then click Delete.
•     To reset the selection in the Services field and to clear all the fields in the Add Custom 
Rules table, click Reset.
Considerations for Port Forwarding
•     If the IP address of the local server PC is assigned by DHCP, it might change when the 
PC is rebooted. To avoid this, you can assign a static IP address to your server outside 
the range that is assigned by DHCP, but in the same subnet as your LAN. By default, the 
IP addresses from 192.168.1.2 through 192.168.1.9 are reserved for this purpose.
•     Local PCs must access the local server using the PCs’ local LAN address 
(192.168.1.XXX, by default). Attempts by local PCs to access the server using the 
external WAN IP address will fail.
•     Port forwarding opens holes in your firewall. Only enable ports that are necessary.
WAN Setup
Select Advanced > WAN Setup to set up a Default DMZ Computer to display the following 
screen. A Default DMZ Computer lets you set up a PC that is available to anyone on the 
Internet for services that you havent defined. For security reasons, do this only if you are 
willing to risk open access. If you do not assign a Default DMZ Computer, the gateway 
discards any undefined service request. 
Respond To Ping On Internet Port. If you want the CG3000 to respond to a Ping from the 
Internet, click this check box. This can be used as a diagnostic tool. 
MTU Size. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 
1500 Bytes. For some ISPs you may need to reduce the MTU. But this is rarely required, and 
should not be done unless you are sure it is necessary for your ISP connection 
						

							Advanced Settings
35  NETGEAR Wireless Cable Gateway CG3000
Assign a Computer as The DMZ Host
1. Type the last field of the IP address field in the DMZ Address field. 
2. Click Apply. 
Remove a Computer from Being a DMZ Computer:
1. Type 0 in last field of the IP address field in DMZ Address. 
2. Click Apply. 
Dynamic DNS
A Dynamic DNS (DDNS) Service provides a central public database where information such 
as email addresses, host names and IP addresses can be stored and retrieved. The 
Dynamic DNS server also stores password-protected information and accepts queries based 
on e-mail addresses. The Router supports only basic DDNS and the login and password may 
not be secure. If you have a private WAN IP address, do not use DDNS service as it may 
lead to problems. 
Note: you have to register for the DNS service. When you register, the DDNS 
client service provider gives you a password or key. 
Select Advanced > Dynamic DNS to display the following screen:
Select the Use A Dynamic DNS Service check box. 
1. Select the name of your dynamic DNS Service Provider. 
2. Type the Host Name (or domain name) that your dynamic DNS service provider gave you. 
3. Type the User Name for your DDNS account. 
4. Type the Password (or key) for your DDNS account. 
5. Click Apply to have the DDNS service used. 
Use Wildcards. If you have DYNDNS as your DDNS service provider, you may select the 
Use Wildcards check box to activate this optional feature.  
						

							Advanced Settings36
NETGEAR Wireless Cable Gateway CG3000 
LAN IP Setup
The LAN IP screen allows you to configure LAN services such as the IP ad\
dress of the 
gateway and DHCP. The TCP/IP and DHCP default values work fine in most c\
ases. 
Note:  If you disable the DHCP server, you will need to assign to your 
computer a static IP address to reconnect to the gateway and enable 
the DHCP server again.
1.  Select  Advanced > LAN IP . 
2. Enter these settings:
•     LAN IP Address. The factory default  setting is 192.168.1.1.
•      Subnet Mask . The network number portion 
of an IP address. Unless you are 
implementing subnetting, use 
255.255.255.0 as the subnet mask.
•     DHCP Server : The Yes radio button is 
selected by default so the gateway acts as 
a DHCP server, providing the TCP/IP 
configuration for all the computers 
connected to it. 
If you will assign IP addresses manually, or 
you have another DHCP server on your 
network, select the No radio button.
•     Starting IP Address and Ending IP  Address. These fields specify the range in 
the IP address pool. 
•     Max Users. The maximum number of  users on the network.
•     DHCP Lease. See the following section,  Reserving an IP Address for DHCP Use  .
3.  Click  Apply to save your LAN settings 
						

							Advanced Settings
37  NETGEAR Wireless Cable Gateway CG3000
Reserving an IP Address for DHCP Use
To reserve an IP address for DHCP use, enter the DHCP server reservation settings for the 
private LAN under DHCP Reservation Lease Info in the LAN Setup screen.
Reserve an IP address for DHCP:
1. Enter the MAC address of the computer for which you want to reserve an IP address.
2. Enter the permanent IP address for the computer.
3. Click Add to save your settings. The MAC address and IP address display in the DHCP 
Client Lease Info table. The current system time is also displayed.
Delete an IP address from the DHCP Client Lease Info table:
1. In the DHCP Client Lease Info table, click the radio button for the MAC and IP address 
that you want to remove.
2. Click Delete to remove the information for the selected MAC and IP address from the DHCP 
Client Lease Info table. 
To remove all information from the DHCP Client Lease Info table, click Clear DHCP 
Leases. 
						

							Advanced Settings38
NETGEAR Wireless Cable Gateway CG3000 
Remote Management
With remote management, you can allow a user or users on the Internet to\
 configure, 
upgrade, and check the status of the gateway.
Note:  Use very secure passwords if you enable remote management. 
Passwords should contain no dictionary words from any language, 
and should be a mixture of letters (both upper and lower case), 
numbers, and symbols. Your password can be up to 16 characters.
To manage this gateway through the Internet, you need its public IP Addr\
ess, as seen from 
the Internet. This public IP address is allocated by your ISP. But if yo\
ur ISP account uses a 
dynamic IP address, the address can change each time you connect to your\
 ISP. There are 
two solutions to this problem:
•     Have your ISP allocate you a fixed IP address.
•      Use the DDNS (Dynamic DNS) feature so you can connect using a domain n\
ame, rather 
than an IP address. 
1.  In the main menu, under Advanced, select Remote Management.
2.  Select one of the Allow Remote Management  check boxes.
3. Fill in the Remote User Name  and Remote Password  fields. 
4.  Specify the port numbers to access the gateway remotely in your browser \
when you 
connect. To specify the port numbers:
a. From a remote location, start a browser.
b.  In the Address or Location field, enter the Internet IP address of this \
gateway (NOT 
the LAN IP address), followed by a colon and the port number, as follow\
s:
http://ip_address:pn
ip_address is the Internet IP address of this gateway. 
pn is the port number assigned on this screen.  
						

							Advanced Settings39
 NETGEAR Wireless Cable Gateway CG3000
c. 
You are prompted for the password for this gateway.
5.  If you want the ability to reset to factory default settings remotely, a\
nd then log in again 
remotely, select the  Allow Remote management after Factory Default Reset  check box. 
6.  Click  Apply to save your changes.
Allow Remote Management 
(HTTP/HTTPS) CM interface If selected, remote management is enabled, and connection from the 
Internet to this gateway with HTTP and HTTPS is possible. The correct po\
rt 
number must be used when connecting
Allow Remote Management 
(HTTP/HTTPS) CM interface If selected, remote management is enabled, and connection from the 
Internet to this gateway with HTTP and HTTPS is possible. 
Remote User Name and Remote 
Password Enter the User Name and Password that will be used from the remote PC to\
 
manage the gateway. Use a very secure password.
Port Number fields Web browser access normally uses the standard HTTP service port 80. 
NETGEAR recommends that you use a different port number for remote 
management, as using port 80 will prevent the use of a Web Server on you\
r 
LAN, and can be more readily discovered by hackers. Use the default 
(8080) or choose a port number between 1 and 65535.
Revert to factory default settings Allow Remote management after Factory Default Reset
IP Address to connect this device The gateway’s public IP address so you can manage this gateway from t\
he 
Internet. Note that if your ISP account uses a dynamic IP address, this \
value 
changes each time you connect to your ISP. You can either request your I\
P 
allocate a fixed IP address to you or use the Dynamic DNS (DDNS) featu\
re 
to connect with a domain name instead of an IP address.
Remote Management Settings   Description 
  
						

							Advanced Settings40
NETGEAR Wireless Cable Gateway CG3000 
Universal Plug and Play (UPnP)
Universal Plug and Play (UPnP) helps devices, such as Internet applian\
ces and computers, 
access the network and connect to other devices as needed. UPnP devices \
can 
automatically discover the services from other registered UPnP devices o\
n the network. With 
UPnP you can specify:
•     Advertisement Period . This specifies how often the gateway broadcasts its UPnP 
information. The default is 30 minutes. Lower numbers ensure that contro\
l points 
have current device status at the expense of additional network traffic.\
 Larger 
numbers may compromise the freshness of the device status but can signif\
icantly 
reduce network traffic.
•      Advertisement Time to Live. The life of the advertisement, measured in hops (steps) 
for each UPnP packet that is sent. A hop is the number of steps that are\
 allowed to 
propagate for each UPnP advertisement before it disappears. The number o\
f hops 
can range from 1 to 255. The default value for the advertisement time to\
 live is 4 hops, 
which should be fine for most home networks. If you notice that some dev\
ices are not 
being updated or reached correctly, you might need to increase this valu\
e slightly.
1.  Select  Advanced > UPnP . 
2. Select the  Turn UPnP On  check box. The default setting is disabled, which prevents the 
gateway from allowing any device to automatically control of its the res\
ources, such as port 
forwarding.
3.  Fill in the Advertisement Period  and Advertisement Time to Live fields.
The UPnP Portmap Table displays the IP address of each UPnP device that \
is currently 
accessing the gateway and which internal and external ports of the gatew\
ay were opened 
by that device. The UPnP Portmap Table also displays the protocol for th\
e port that was 
opened and if that port is still active for each IP address.
4.  Perform one of the following actions:
•     Click Apply  to save your settings.
•     Click Cancel to disregard any unsaved changes.
•     Click Refresh to update the UPnP Portmap Table and to show the active ports that  are currently opened by UPnP devices.